Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS20030226021 A1
Publication typeApplication
Application numberUS 10/161,106
Publication dateDec 4, 2003
Filing dateMay 30, 2002
Priority dateMay 30, 2002
Also published asUS7167980
Publication number10161106, 161106, US 2003/0226021 A1, US 2003/226021 A1, US 20030226021 A1, US 20030226021A1, US 2003226021 A1, US 2003226021A1, US-A1-20030226021, US-A1-2003226021, US2003/0226021A1, US2003/226021A1, US20030226021 A1, US20030226021A1, US2003226021 A1, US2003226021A1
InventorsChun Chiu
Original AssigneeChiu Chun Yang
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Data comparison process
US 20030226021 A1
Abstract
A process for comparing data, such as signatures in a data packet, includes retrieving, from a first hash table, a target value that corresponds to a segment of the data, processing the data in accordance with the target value to produce a checksum, locating an entry in a second hash table using the checksum, and comparing the data to the entry.
Images(4)
Previous page
Next page
Claims(30)
What is claimed is:
1. A method of comparing data, comprising:
retrieving, from a first hash table, a target value that corresponds to a segment of the data;
processing the data in accordance with the target value to produce a checksum;
locating an entry in a second hash table using the checksum; and
comparing the data to the entry.
2. The method of claim 1, wherein the target value corresponds to a length of the data.
3. The method of claim 2, wherein the target value comprises a number of bytes in the data.
4. The method of claim 1, wherein processing the data comprises processing a number of bytes indicated by the target value to produce the checksum.
5. The method of claim 1, wherein plural values, including the target value and a second value, correspond to the segment of data, the target value corresponding to a number of bytes of data and the second value corresponding to the number of bytes of data plus an increment.
6. The method of claim 5, wherein processing the data comprises:
processing the number of bytes that correspond to the target value to produce the checksum; and
determining a second checksum using the checksum and the increment.
7. The method of claim 6, further comprising:
locating a second entry in the second hash table using the second checksum; and
comparing the data to the second entry.
8. The method of claim 5, wherein the segment of data is included in each of the plural values.
9. The method of claim 1, further comprising:
indicating a match if the data and the entry are the same.
10. The method of claim 1, wherein the data comprises a signature in a data packet.
11. An apparatus for comparing data, comprising:
a memory that stores executable instructions; and
a processor that executes the instructions to:
retrieve, from a first hash table, a target value that corresponds to a segment of the data;
process the data in accordance with the target value to produce a checksum;
locate an entry in a second hash table using the checksum; and
compare the data to the entry.
12. The apparatus of claim 11, wherein the target value corresponds to a length of the data.
13. The apparatus of claim 12, wherein the target value comprises a number of bytes in the data.
14. The apparatus of claim 11, wherein processing the data comprises processing a number of bytes indicated by the target value to produce the checksum.
15. The apparatus of claim 11, wherein plural values, including the target value and a second value, correspond to the segment of data, the target value corresponding to a number of bytes of data and the second value corresponding to the number of bytes of data plus an increment.
16. The apparatus of claim 15, wherein processing the data comprises:
processing the number of bytes that correspond to the target value to produce the checksum; and
determining a second checksum using the checksum and the increment.
17. The apparatus of claim 16, wherein the processor executes instructions to:
locate a second entry in the second hash table using the second checksum; and
compare the data to the second entry.
18. The apparatus of claim 15, wherein the segment of data is included in each of the plural values.
19. The apparatus of claim 11, wherein the processor executes instructions to:
indicate a match if the data and the entry are the same.
20. The apparatus of claim 11, wherein the data comprises a signature in a data packet.
21. An article comprising a machine-readable medium that stores executable instructions to compare data, the instructions causing a machine to:
retrieve, from a first hash table, a target value that corresponds to a segment of the data;
process the data in accordance with the target value to produce a checksum;
locate an entry in a second hash table using the checksum; and
compare the data to the entry.
22. The article of claim 21, wherein the target value corresponds to a length of the data.
23. The article of claim 22, wherein the target value comprises a number of bytes in the data.
24. The article of claim 21, wherein processing the data comprises processing a number of bytes indicated by the target value to produce the checksum.
25. The article of claim 21, wherein plural values, including the target value and a second value, correspond to the segment of data, the target value corresponding to a number of bytes of data and the second value corresponding to the number of bytes of data plus an increment.
26. The article of claim 25, wherein processing the data comprises:
processing the number of bytes that correspond to the target value to produce the checksum; and
determining a second checksum using the checksum and the increment.
27. The article of claim 26, further comprising instructions that cause the machine to:
locate a second entry in the second hash table using the second checksum; and
compare the data to the second entry.
28. The article of claim 25, wherein the segment of data is included in each of the plural values.
29. The article of claim 21, further comprising instructions that cause the machine to:
indicate a match if the data and the entry are the same.
30. The article of claim 21, wherein the data comprises a signature in a data packet.
Description
TECHNICAL FIELD

[0001] This application relates to a process for performing data comparison to identify, e.g., a signature in a data packet.

BACKGROUND

[0002] Networks transmit data between devices using constructs known as data packets. A data packet includes a header which contains routing and other identification information and a payload which includes substantive data. A data packet also contains a signature that identifies the packet to network devices. The signature may identify the type of the packet and its source and destination, for example.

[0003] Devices on a network locate and identify a packet's signature in order to process the packet. The signature may be located anywhere in the data packet. A process known as deep packet inspection is used to search through data in the packet in order to locate the signature.

DESCRIPTION OF THE DRAWINGS

[0004]FIG. 1 is a flowchart showing a process for performing a data comparison process to locate a packet signature.

[0005]FIG. 2 is a block diagram of a hash table containing byte lengths that correspond to data segments.

[0006]FIG. 3 is a block diagram of a hash table containing pre-stored signatures and their corresponding keys.

[0007]FIG. 4 is a view of computer hardware on which the process of FIG. 1 may be implemented.

[0008] Like reference numerals in different figures indicate like elements.

DESCRIPTION

[0009]FIG. 1 shows process 10 for performing a deep packet inspection. Process 10 compares data, such as the signature of a data packet, to pre-stored data in order to determine if there is a match and, thus, to identify the signature. Process 10 can compare data from anywhere in the data packet, such as the header and payload, to locate the signature.

[0010] Process 10 receives a data packet, which includes a signature and other information. Process 10 selects (12) a segment of the data packet for comparison. Segments of data may be selected, in turn, from the data packet or specific portions, such as part of the packet header, may be selected.

[0011] Process 10 looks-up (14) the segment in a first hash table in order to determine if the segment is listed. The segment may constitute a portion, such as the beginning of, a packet signature. For example, if the packet signature is “0xAB 01 CD EF”, where the prefix “0x” indicates that the data is hexadecimal, the data segment may be “AB”. In this example, “AB” comprises a value of a first byte of the signature. It is noted, for reasons that will become apparent later, that different signatures may contain the same data segments. For example, the signature “0xAB 02 34” contains the same segment, namely “AB”, as signature “0xAB 01 CD EF”.

[0012] If the segment is not found in the first hash table (16), process 10 selects (12) a new segment and repeats the foregoing. If the segment is found in the hash table (16), process 10 retrieves (18) a target value that corresponds to the segment in the hash table. In this regard, the hash table contains one or more values that are indicative of the length of a signature that contains the data segment. So, in the example described herein, the hash table may contain two values, namely, “3” for the signature “0xAB 02 34” (which contains three bytes of data) and “4” for the signature “0xAB 01 CD EF” (which contains four bytes of data). It is noted that process 10 is not limited to using lengths defined by the number of bytes in a signature and that process 10 can accommodate any lengths (e.g., bit length, word length, etc.). FIG. 2 shows an example of a hash table containing data segment “AB” 20 and values of “3” and “4” for that segment.

[0013] Process 10 processes (22) the data in accordance with the value from the first hash table in order to produce a checksum. That is, process 10 generates a checksum starting with the initial data segment and using the number of bytes from that data segment forward in the data. For example, if the value retrieved from the first hash table is “3”, process 10 generates the checksum using three bytes, including the first byte, in this case “AB”. If the value retrieved from the first hash table is “4”, process 10 generates the checksum using four bytes, including the first byte, in this case “AB”.

[0014] Using the example set forth above, process 10 first generates a checksum using three bytes, which correspond to the value retrieved for signature “0xAB 02 34”. Process 10 uses this checksum to locate a value in a second hash table, also called the “signature hash table”. This value is a predefined data signature, which is compared against the received data in order to determine if there is a match and, thus, to identify the packet by its signature.

[0015] In more detail, process 10 determines a key for the second hash table using the checksum. In this embodiment, assuming that the checksum is 32 bits, the formula for determining the key is as follows:

key=(32 bit checksum)mod(number of buckets in hash table).

[0016] For the above example, if the checksums for “0xAB 01 CD EF” and “0xAB 02 34” are 5 and 10, respectively, and the bucket size of the hash table is three, then the keys have values of “1” and “2”, respectively. The keys 24 and 26 and their corresponding values 28 and 30 are depicted in the hash table shown in FIG. 3. It is noted that methods other than determining keys in this manner may be used to access the data stored in the signature hash table.

[0017] Referring back to FIG. 1, and starting with signature “0xAB 02 34”, process 10 uses (34) a key, such as that described above, to locate a corresponding entry from the signature hash table. If a corresponding entry is found (36), such as entry 28 for key “1” (FIG. 3), process 10 retrieves (38) that entry and compares (40) that entry to data in the data packet. Process 10 compares the entry to a number of bytes in the data packet, retrieved from the first hash table, starting with the initial data segment. Thus, for example, if the number retrieved from the first hash table is “3”, process 10 compares “0xAB 02 34” from the data to the signature “0xAB 02 34” retrieved from the signature hash table. Since these two match, process 10 may output an indication that there is a match. If there is no match in the signature hash table, process 10 may output an indication.

[0018] Process 10 determines (42) if there are any values retrieved from the first hash table for which the signature hash table has not been referenced. If so, process 10 returns to block 22 and performs the remainder of process 10 for each remaining value. In the example given above, assume that a value of “4” was retrieved from the first hash table. Process 10 then generates a checksum using four bytes of data from the data packet starting with, and including, the initial data segment, i.e., “AB”. If the same data segment is being used, then the checksum for the value of “4” can be generated using the checksum for the value of “3” and the incremental byte, in this case, one byte. Thus, the checksum can be generated incrementally, saving processing resources and time. The remainder of the process is identical to that described above. Once it has been completed, process 10 returns to block 12 and selects a new data segment for processing.

[0019]FIG. 4 shows a computer 50 for performing process 10. Computer 50 includes a processor 52 (e.g., a microprocessor, controller, etc.), a memory 54, and a storage medium 56 (e.g., a hard disk)(see view 60). Storage medium 56 stores data 62, such as network data packets, and machine-executable instructions 64, which are executed by processor 52 out of memory 54 to perform process 10 on data 62.

[0020] Process 10, however, is not limited to use with the hardware and software of FIG. 4; it may find applicability in any computing or processing environment. Process 10 may be implemented in hardware, software, or a combination of the two. Process 10 may be implemented in computer programs executing on programmable computers that each includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and one or more output devices. Program code may be applied to data entered using an input device, such as a mouse or a keyboard, to perform process 10 and to generate output information.

[0021] Each such program may be implemented in a high level procedural or object-oriented programming language to communicate with a computer system. However, the programs can be implemented in assembly or machine language. The language may be a compiled or an interpreted language.

[0022] Each computer program may be stored on an article of manufacture, such as a storage medium (e.g., CD-ROM, hard disk, or magnetic diskette) or device (e.g., computer peripheral), that is readable by a general or special purpose programmable computer for configuring and operating the computer when the storage medium or device is read by the computer to perform process 10. Process 10 may also be implemented as a machine-readable storage medium, configured with a computer program, where, upon execution, instructions in the computer program cause a machine to operate in accordance with process 10.

[0023] Embodiments of process 10 may be used in a variety of applications. Although process 10 is not limited in this respect, process 10 may be used with memory devices in microcontrollers, general purposed microprocessors, digital signal processors (DSPs), reduced instruction-set computing (RISC), and complex instruction-set computing (CISC), among other electronic components. However, it should be understood that process 10 is not limited to use with these examples.

[0024] Embodiments of process 10 may also be included in integrated circuit blocks referred to as core memory, cache memory, or other types of memory that store electronic instructions to be executed by a microprocessor or store data that may be used in arithmetic operations. Note that embodiments may be integrated into radio systems or hand-held portable devices. Thus, laptop computers, personal communication systems (PCS), personal digital assistants (PDAs), and other products may be used with process 10.

[0025] Other embodiments not described herein are also within the scope of the following claims. For example, the blocks of FIG. 1 may be rearranged and/or executed out of order to produce the results described above. Process 10 may be used to perform any type of data comparison and is not limited to performing a deep packet inspection to locate the signature of a data packet.

Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US7167980 *May 30, 2002Jan 23, 2007Intel CorporationData comparison process
US7703138 *Dec 29, 2004Apr 20, 2010Intel CorporationUse of application signature to identify trusted traffic
US20100146274 *Jun 18, 2007Jun 10, 2010Telefonaktiebolaget L M Ericsson (Publ)Security for software defined radio terminals
Classifications
U.S. Classification713/181
International ClassificationH04L29/06
Cooperative ClassificationH04L63/12
European ClassificationH04L63/12
Legal Events
DateCodeEventDescription
Jul 14, 2010FPAYFee payment
Year of fee payment: 4
Sep 13, 2002ASAssignment
Owner name: INTEL CORPORATION, CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CHIU, CHUN YANG;REEL/FRAME:013281/0734
Effective date: 20020805